1

Reading the Google docs (https://developers.google.com/identity/protocols/OAuth2WebServer#callinganapi), it says I can revoke a token (and thus force a login with credentials) by calling `credentials.revoke`.

What would be the Flask-OAuthlib way to do this?

Sapsi
  • I tried `response = requests.get('https://accounts.google.com/o/oauth2/revoke', params={'token': session.get('google_token')[0]})` but it doesn't force an authentication – Sapsi Sep 15 '17 at 11:20

1 Answer

0

Flask-OAuthlib itself didn't provide a way to revoke a token. (I'm the author of Flask-OAuthlib.)

My new project Authlib has provided a revoke_token method for OAuth 2.0. However, Google's revoke token endpoint doesn't respect RFC7009, which means the revoke_token method provided by Authlib cannot be used.

You can send an HTTP request directly to the revoke token endpoint:

```
# Replace {token} with the token to revoke.
curl -H "Content-type:application/x-www-form-urlencoded" \
    "https://accounts.google.com/o/oauth2/revoke?token={token}"
```

BTW, if you need an RFC7009 revoke token method, check out the source code in https://github.com/lepture/authlib/blob/master/authlib/client/oauth2.py

lepture
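
For comparison with the Google call above, this is what an RFC 7009 revocation request looks like, as an added example that is not part of the original answer and not Authlib's code: the token travels in the POST body, the client authenticates with HTTP Basic, and the response codes are mapped as the RFC defines them. The endpoint URL, the credentials and the function names are assumptions made for illustration.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request


def build_revocation_request(endpoint, token, client_id, client_secret,
                             token_type_hint=None):
    """Build an RFC 7009 section 2.1 request: POST, token in the form body."""
    if not endpoint.startswith("https://"):
        raise ValueError("revocation endpoint must use https")
    fields = {"token": token}
    if token_type_hint:  # "access_token" or "refresh_token"
        fields["token_type_hint"] = token_type_hint
    body = urllib.parse.urlencode(fields).encode("ascii")
    # Confidential client authenticates with HTTP Basic, so neither the token
    # nor the client secret appears in the URL (and in access logs).
    # Simplification: assumes id/secret need no extra form-encoding.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(endpoint, data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    req.add_header("Authorization", "Basic " + basic)
    return req


def revoke_token(req, opener=urllib.request.urlopen):
    """Send the request and return (revoked, detail)."""
    try:
        with opener(req, timeout=10) as resp:
            # 200 means revoked, or the token was already invalid.
            return resp.status == 200, f"HTTP {resp.status}"
    except urllib.error.HTTPError as err:
        if err.code == 503:
            # Revocation not processed: the token may still be live, so retry.
            return False, "retry after " + err.headers.get("Retry-After", "unspecified")
        try:
            detail = json.loads(err.read() or b"{}").get("error", "unknown")
        except (ValueError, AttributeError):
            detail = "unknown"
        return False, detail


if __name__ == "__main__":
    # Constructed values; auth.example.test is a hypothetical RFC 7009 endpoint.
    r = build_revocation_request("https://auth.example.test/oauth2/revoke",
                                 "constructed-token", "client-id", "client-secret",
                                 "refresh_token")
    print(r.get_method(), r.full_url, r.data)
```

A `False` result means the token must be treated as still valid on the server side, even if the local session copy has been deleted.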